| author | David Zeuthen <davidz@redhat.com> | 2005-04-13 14:27:11 +0000 | 
|---|---|---|
| committer | David Zeuthen <davidz@redhat.com> | 2005-04-13 14:27:11 +0000 | 
| commit | 44656f538f69e8f8709ddb6ab285db29f65f62dd (patch) | |
| tree | 7481890277faf957d3130bd1a9b32e128f786537 | |
| parent | 893f5b7bf561922dafae9d8397b82ee9ee35ad49 (diff) | |
2005-04-13  David Zeuthen  <davidz@redhat.com>
	* bus/selinux.c: Add c-file-style to top of file
	(log_audit_callback): Don't free the data here anymore
	(bus_selinux_check): Don't take spid and tpid since appending
	that to auxdata may OOM.
	(bus_selinux_allows_acquire_service): Handle OOM and signal back
	to the caller if we are OOM by taking an error object.
	(bus_selinux_allows_send): -do-
	* bus/selinux.h: Fix prototypes for bus_selinux_allows_acquire_service
	and bus_selinux_allows_send
	* bus/bus.c (bus_context_check_security_policy): Pass error and
	pass on OOM thrown by bus_selinux_allows_send()
	* bus/services.c (bus_registry_acquire_service): Pass error and
	pass on OOM thrown by bus_selinux_allows_acquire_service()
| -rw-r--r-- | ChangeLog | 19 | ||||
| -rw-r--r-- | bus/bus.c | 10 | ||||
| -rw-r--r-- | bus/selinux.c | 168 | ||||
| -rw-r--r-- | bus/selinux.h | 7 | ||||
| -rw-r--r-- | bus/services.c | 9 | 
5 files changed, 152 insertions, 61 deletions
| @@ -1,3 +1,22 @@ +2005-04-13  David Zeuthen  <davidz@redhat.com> + +	* bus/selinux.c: Add c-file-style to top of file +	(log_audit_callback): Don't free the data here anymore +	(bus_selinux_check): Don't take spid and tpid since appending +	that to auxdata may OOM. +	(bus_selinux_allows_acquire_service): Handle OOM and signal back +	to the caller if we are OOM by taking an error object. +	(bus_selinux_allows_send): -do- + +	* bus/selinux.h: Fix prototypes for bus_selinux_allows_acquire_service +	and bus_selinux_allows_send + +	* bus/bus.c (bus_context_check_security_policy): Pass error and +	pass on OOM thrown by bus_selinux_allows_send() + +	* bus/services.c (bus_registry_acquire_service): Pass error and +	pass on OOM thrown by bus_selinux_allows_acquire_service() +  2005-04-13  Havoc Pennington  <hp@redhat.com>  	* glib/dbus-gmain.c (message_queue_dispatch): only dispatch one @@ -1139,8 +1139,16 @@ bus_context_check_security_policy (BusContext     *context,  				    dbus_message_get_interface (message),  				    dbus_message_get_member (message),  				    dbus_message_get_error_name (message), -				    dest ? dest : DBUS_SERVICE_DBUS)) +				    dest ? dest : DBUS_SERVICE_DBUS, error))          { + +	  if (dbus_error_is_set (error) && +	      dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY)) +	    { +	      return FALSE; +	    } +	   +            dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,                            "An SELinux policy prevents this sender "                            "from sending this message to this recipient " diff --git a/bus/selinux.c b/bus/selinux.c index 5cb4438a..c647a77b 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -1,4 +1,5 @@ -/* selinux.c  SELinux security checks for D-BUS +/* -*- mode: C; c-file-style: "gnu" -*- + * selinux.c  SELinux security checks for D-BUS   *   * Author: Matthew Rickard <mjricka@epoch.ncsc.mil>   * 
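Review bot: The new OOM test in bus_context_check_security_policy, `dbus_error_is_set (error) && dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY)`, presumably dereferences `error`, whereas the `dbus_set_error` call that follows tolerates a NULL error; if any caller passes NULL here, an allocation failure inside bus_selinux_allows_send can no longer be told apart from a denial (both still return FALSE, so the outcome stays fail-closed, but the caller loses the signal to retry). Either document that `error` must be non-NULL for this function or guard the test with `error != NULL &&`. The branch also relies on `error` being clear on entry, which is only implied; a short comment would make the intent explicit: `/* OOM inside the SELinux check is not a policy decision: hand it back untouched so the caller can retry; any other failure is a denial. */`. The function starts and ends outside this hunk.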
@@ -131,8 +132,6 @@ log_audit_callback (void *data, security_class_t class, char *buf, size_t buflef  {    DBusString *audmsg = data;    _dbus_string_copy_to_buffer (audmsg, buf, bufleft); -  _dbus_string_free (audmsg); -  dbus_free (audmsg);  }  /** @@ -363,20 +362,10 @@ bus_selinux_check (BusSELinuxID        *sender_sid,                     BusSELinuxID        *override_sid,                     security_class_t     target_class,                     access_vector_t      requested, -		   unsigned long        spid, -		   unsigned long        tpid,  		   DBusString          *auxdata)  {    if (!selinux_enabled)      return TRUE; - -  if (auxdata) -    { -      if (spid && _dbus_string_append (auxdata, " spid=")) -	_dbus_string_append_uint (auxdata, spid); -      if (tpid && _dbus_string_append (auxdata, " tpid=")) -	_dbus_string_append_uint (auxdata, tpid); -    }    /* Make the security check.  AVC checks enforcing mode here as well. */    if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid), 
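Review bot: log_audit_callback now leaves `audmsg` alone, which is only correct because every caller keeps the DBusString alive across the AVC check and frees it afterwards (both rewritten callers in this commit free `auxdata` right after bus_selinux_check returns), yet nothing in the function records that ownership change. A comment pinning the contract would stop a later `_dbus_string_free`/`dbus_free` pair from being reintroduced here: `/* data is the caller-owned auxdata DBusString; it is valid only for the duration of the AVC check and is freed by the caller, never here. */`. The copy into `buf` appears bounded by `bufleft`, so lifetime is the only hazard left in this callback.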
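Review bot: With the spid/tpid parameters and the two appends gone, bus_selinux_check no longer allocates and so cannot fail for OOM, but the Doxygen block above the hunk (only its opening `/**` is visible) is not touched; if it still documents @param spid/@param tpid or says the function appends to auxdata, it is now wrong. Suggest stating that auxdata is fully built by the caller and passed through unchanged, e.g. `@param auxdata caller-built audit data, passed through to the AVC unmodified`. The removed `if (auxdata)` was the only NULL check on auxdata in this hunk; whether auxdata is still dereferenced further down cannot be seen, since the avc_has_perm call and the rest of the function are outside the hunk.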
@@ -404,39 +393,54 @@ bus_selinux_check (BusSELinuxID        *sender_sid,  dbus_bool_t  bus_selinux_allows_acquire_service (DBusConnection     *connection,                                      BusSELinuxID       *service_sid, -				    const char         *service_name) +				    const char         *service_name, +				    DBusError          *error)  {  #ifdef HAVE_SELINUX    BusSELinuxID *connection_sid;    unsigned long spid; -  DBusString *auxdata; +  DBusString auxdata; +  dbus_bool_t ret;    if (!selinux_enabled)      return TRUE; - +      connection_sid = bus_connection_get_selinux_id (connection);    if (!dbus_connection_get_unix_process_id (connection, &spid))      spid = 0; -  auxdata = dbus_new0 (DBusString, 1); -  if (auxdata) +  if (!_dbus_string_init (&auxdata)) +    goto oom; +  +  if (!_dbus_string_append (&auxdata, "service=")) +    goto oom; + +  if (!_dbus_string_append (&auxdata, service_name)) +    goto oom; + +  if (spid)      { -      if (!_dbus_string_init (auxdata)) -	{ -	  dbus_free (auxdata); -	  auxdata = NULL; -	} -      else if (_dbus_string_append (auxdata, "service=")) -	_dbus_string_append (auxdata, service_name); +      if (!_dbus_string_append (&auxdata, " spid=")) +	goto oom; + +      if (!_dbus_string_append_uint (&auxdata, spid)) +	goto oom;      } -  return bus_selinux_check (connection_sid, -			    service_sid, -			    SECCLASS_DBUS, -			    DBUS__ACQUIRE_SVC, -			    spid, -			    0, -			    auxdata); +  ret = bus_selinux_check (connection_sid, +			   service_sid, +			   SECCLASS_DBUS, +			   DBUS__ACQUIRE_SVC, +			   &auxdata); + +  _dbus_string_free (&auxdata); +  return ret; + + oom: +  _dbus_string_free (&auxdata); +  BUS_SET_OOM (error); +  return FALSE; +  #else    return TRUE;  #endif /* HAVE_SELINUX */ 
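Review bot: If `_dbus_string_init (&auxdata)` fails, the new code jumps to `oom`, where `_dbus_string_free (&auxdata)` runs on a DBusString that was never successfully initialised; unless _dbus_string_free is guaranteed safe on a failed-init string (not visible here), that reads uninitialised fields. Handle the first failure inline instead, `if (!_dbus_string_init (&auxdata)) { BUS_SET_OOM (error); return FALSE; }`, and keep `goto oom` for the appends only. Otherwise the rewrite is an improvement: every append is now checked, so an allocation failure is reported as DBUS_ERROR_NO_MEMORY rather than silently truncating the audit record, and the FALSE return keeps the decision fail-closed.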
@@ -459,13 +463,15 @@ bus_selinux_allows_send (DBusConnection     *sender,  			 const char         *interface,  			 const char         *member,  			 const char         *error_name, -			 const char         *destination) +			 const char         *destination, +			 DBusError          *error)  {  #ifdef HAVE_SELINUX    BusSELinuxID *recipient_sid;    BusSELinuxID *sender_sid;    unsigned long spid, tpid; -  DBusString *auxdata; +  DBusString auxdata; +  dbus_bool_t ret;    if (!selinux_enabled)      return TRUE; 
@@ -475,27 +481,63 @@ bus_selinux_allows_send (DBusConnection     *sender,    if (!proposed_recipient || !dbus_connection_get_unix_process_id (proposed_recipient, &tpid))      tpid = 0; -  auxdata = dbus_new0 (DBusString, 1); -  if (auxdata) +  if (!_dbus_string_init (&auxdata)) +    goto oom; + +  if (!_dbus_string_append (&auxdata, "msgtype=")) +    goto oom; + +  if (!_dbus_string_append (&auxdata, msgtype)) +    goto oom; + +  if (interface)      { -      if (!_dbus_string_init (auxdata)) -	{ -	  dbus_free (auxdata); -	  auxdata = NULL; -	} -      else -	{ -	  if (_dbus_string_append (auxdata, "msgtype=")) -	    _dbus_string_append (auxdata, msgtype); -	  if (interface && _dbus_string_append (auxdata, " interface=")) -	    _dbus_string_append (auxdata, interface); -	  if (member && _dbus_string_append (auxdata, " member=")) -	    _dbus_string_append (auxdata, member); -	  if (error_name && _dbus_string_append (auxdata, " error_name=")) -	    _dbus_string_append (auxdata, error_name); -	  if (destination && _dbus_string_append (auxdata, " dest=")) -	    _dbus_string_append (auxdata, destination); -	} +      if (!_dbus_string_append (&auxdata, " interface=")) +	goto oom; +      if (!_dbus_string_append (&auxdata, interface)) +	goto oom; +    } + +  if (member) +    { +      if (!_dbus_string_append (&auxdata, " member=")) +	goto oom; +      if (!_dbus_string_append (&auxdata, member)) +	goto oom; +    } + +  if (error_name) +    { +      if (!_dbus_string_append (&auxdata, " error_name=")) +	goto oom; +      if (!_dbus_string_append (&auxdata, error_name)) +	goto oom; +    } + +  if (destination) +    { +      if (!_dbus_string_append (&auxdata, " dest=")) +	goto oom; +      if (!_dbus_string_append (&auxdata, destination)) +	goto oom; +    } + +  if (spid) +    { +      if (!_dbus_string_append (&auxdata, " spid=")) +	goto oom; + +      if (!_dbus_string_append_uint (&auxdata, spid)) +	goto oom; +    } + +  if (tpid) +    { +      if (!_dbus_string_append 
(&auxdata, " tpid=")) +	goto oom; + +      if (!_dbus_string_append_uint (&auxdata, tpid)) +	goto oom;      }    sender_sid = bus_connection_get_selinux_id (sender); @@ -505,9 +547,21 @@ bus_selinux_allows_send (DBusConnection     *sender,    else      recipient_sid = BUS_SID_FROM_SELINUX (bus_sid); -  return bus_selinux_check (sender_sid, recipient_sid, -                            SECCLASS_DBUS, DBUS__SEND_MSG, -			    spid, tpid, auxdata); +  ret = bus_selinux_check (sender_sid,  +			   recipient_sid, +			   SECCLASS_DBUS,  +			   DBUS__SEND_MSG, +			   &auxdata); + +  _dbus_string_free (&auxdata); + +  return ret; + + oom: +  _dbus_string_free (&auxdata); +  BUS_SET_OOM (error); +  return FALSE; +    #else    return TRUE;  #endif /* HAVE_SELINUX */ diff --git a/bus/selinux.h b/bus/selinux.h index 3627126c..4424fa82 100644 --- a/bus/selinux.h +++ b/bus/selinux.h @@ -48,14 +48,17 @@ const char*    bus_selinux_get_policy_root (void);  dbus_bool_t bus_selinux_allows_acquire_service (DBusConnection *connection,                                                  BusSELinuxID   *service_sid, -						const char     *service_name); +						const char     *service_name, +						DBusError      *error); +  dbus_bool_t bus_selinux_allows_send            (DBusConnection *sender,                                                  DBusConnection *proposed_recipient,  						const char     *msgtype, /* Supplementary audit data */  						const char     *interface,  						const char     *member,  						const char     *error_name, -						const char     *destination); +						const char     *destination, +						DBusError      *error);  BusSELinuxID* bus_selinux_init_connection_id (DBusConnection *connection,                                                DBusError      *error); diff --git a/bus/services.c b/bus/services.c index 4392daa2..7a22dce7 100644 --- a/bus/services.c +++ b/bus/services.c 
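Review bot: Same defect as in bus_selinux_allows_acquire_service: a failed `_dbus_string_init (&auxdata)` jumps to `oom`, and the `oom:` label in the following hunk calls `_dbus_string_free (&auxdata)` on a string that was never initialised. Unless _dbus_string_free is documented safe after a failed init, handle that first failure inline, `if (!_dbus_string_init (&auxdata)) { BUS_SET_OOM (error); return FALSE; }`, and reserve `goto oom` for the appends. The audit string carries interface, member, error_name and destination exactly as the sending connection supplied them (as before, but now with every append checked); since they end up in the audit log, a comment marking them as peer-supplied would help: `/* interface/member/error_name/destination are peer-supplied header fields; as far as this function is concerned they are only appended to the audit data, never interpreted. */`.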
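Review bot: Both prototypes gain a `DBusError *error`, but the header does not say what it means, and the contract is subtle: the callers in this commit treat FALSE with error set to DBUS_ERROR_NO_MEMORY as an allocation failure to propagate and FALSE with error untouched as a policy denial, and selinux.c sets error only on its oom paths. Document that above each declaration, e.g. `/* Returns TRUE if SELinux allows the operation (or SELinux support is compiled out or disabled). Returns FALSE with error untouched on denial, or FALSE with error set to DBUS_ERROR_NO_MEMORY if the audit data could not be built; callers must inspect error to tell the two apart. */`. Whether error may be NULL is not stated either and should be.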
@@ -319,8 +319,15 @@ bus_registry_acquire_service (BusRegistry      *registry,                                       service_name);    if (!bus_selinux_allows_acquire_service (connection, sid, -					   _dbus_string_get_const_data (service_name))) +					   _dbus_string_get_const_data (service_name), error))      { + +      if (dbus_error_is_set (error) && +	  dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY)) +	{ +	  goto out; +	} +        dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,                        "Connection \"%s\" is not allowed to own the service \"%s\" due "                        "to SELinux policy", | 
